All natural persons whose personal data is processed by a Data Controller (DC) or Data Processor (DP) within the territorial scope of the GDPR are Data Subjects and hence entitled to these rights. The DC is responsible for allowing data subjects to exercise their rights and for ensuring that they can make effective use of […]

The principles are set out in Article 5 of the GDPR and enshrined throughout the Regulation, and they apply to every personal data processing activity. As the cornerstone of the Regulation, they should be kept in mind when interpreting the rights and duties established in the GDPR. Lawfully, Fairly and Transparent: Lawfully refers to the […]

The Data Processor (DP) is the one that processes personal data on behalf of, on instruction from and under the authority of the Data Controller (DC), other than an employee of the DC. It can be a natural or legal person, public authority, agency or another body.

The Data Controller (“DC”) is the one who, alone or jointly, determines the purpose and means of the processing of personal data; in other words, it is the one who decides why others’ personal data is processed and how it is processed. It is therefore regulated under the GDPR and must abide by its rules. […]

To secure data from internal and external threats, Article 32 of the GDPR provides the following points to be considered in choosing a data protection solution: the state of the art refers to the latest technology available; the cost of implementation refers to the price of using such data security. The best solution will not […]

Transborder data flow is a transfer of personal data to a recipient who or which is subject to a foreign jurisdiction. Article 44 of the GDPR states “any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organization (…)” For instance, […]

The GDPR is applicable if the personal data is processed by a controller or processor based in the EU, and also to non-EU data controllers and processors which process personal data of EU data subjects where the processing is related to the offering of goods or services, irrespective of whether a payment of the data […]

Once the GDPR enters into force, the Binding Corporate Rules (BCRs) will be explicitly recognized as a mechanism adducing appropriate safeguards for the transfer of personal data outside the EU. This new inclusion not only recognizes the use of BCRs for the transfer of personal data within a corporate group but also allows it to a […]

When implementing the GDPR, international transfer of personal data is one of the biggest challenges for a group of companies. This is because, usually, the company members share personal data with each other or send personal data to a group of enterprises engaged in the same economic activity which are not always located in the […]

The first step to comply with the GDPR is to define the entity’s status under the GDPR; it can be either a Data Controller or a Data Processor, or in some cases, both. Only with a clear determination of the role can an assertive assessment of the rights and obligations for that particular company be […]